package cn.gjculture.shopping.api.config;

import cn.gjculture.shopping.api.entity.Return;
import cn.gjculture.shopping.api.entity.Token;
import cn.gjculture.shopping.api.entity.User;
import cn.gjculture.shopping.api.service.TokenService;
import cn.gjculture.shopping.api.service.UserService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;


@Slf4j
public class WebFilter extends GenericFilterBean {
    String[] uriList={"/pay/payback","//pay/payback",
            "/loginMgr","//loginMgr","/image/upload/goods","//image/upload/goods",
            "/image/upload/hotel","//image/upload/goods",
            "/image/upload/thumb","//image/upload/thumb","/wx","//wx",
            "/pay/back","//pay/back","/merchant/registerBack","//merchant/registerBack"
    };
    List<String> list= Arrays.asList(uriList);

    TokenService tokenService;
    UserService userService;

    WebFilter(TokenService tokenService,UserService userService){
        this.tokenService=tokenService;
        this.userService=userService;
    }
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse resp=(HttpServletResponse)response;
        HttpServletRequest req=(HttpServletRequest)request;
        String uri=req.getRequestURI();
        log.info("uri:{}",uri);
        resp.setHeader("Access-Control-Allow-Origin", "*");
        String token=req.getHeader("token");
        if (StringUtils.isEmpty(token)) {
            token=request.getParameter("token");
        }
        log.info("token:{}",token);
        if (!StringUtils.isEmpty(token)) {
            Token t=tokenService.queryByToken(token);
            if (t!=null) {
                tokenService.updateExpirationTime(token);
//                chain.doFilter(req,resp);
                if(uri.contains("/customer/upLevel")||uri.contains("/customer/export")){
                    User user=userService.queryById(t.getCustomerId());
                    if(user!=null&&"cyt".equals(user.getUserName())){
                        chain.doFilter(req,resp);
                    }else{
                        this.set403(resp);
                    }
                }else{
                    if(uri.contains("/pay/withdraw")){
                        User user=userService.queryById(t.getCustomerId());
                        if(user!=null&&"xst".equals(user.getUserName())){
                            chain.doFilter(req,resp);
                        }else{
                            this.set403(resp);
                        }
                    }else{
                        chain.doFilter(req,resp);
                    }
                }
            }else{
                this.set403(resp);
            }

        }else if(list.contains(uri)|| uri.contains("/websocket/")){
            chain.doFilter(req,resp);
        }else {
            this.set403(resp);
        }
    }

    private void set403(HttpServletResponse resp) throws IOException {
            Return ret=new Return();
            ret.getCommon().setRet(false);
            resp.sendError(401,"你没有权限访问");
    }
}
